CLAIM AMENDMENTS



Claim Amendment Summary 
Claims pending 

• At time of the Action: Claims 1-15 and 18-35. 

• After this Response: Claims 1-15, 18-26, and 28-35. 
Canceled or Withdrawn claims: 27. 

Amended claims: 1, 8, 18, 23, 24, 28, and 29. 
New claims: none. 



Claims: 



1. (Currently Amended) A method for accommodating a
legacy application, the legacy application having provisions for a low-level
credential authorization model which employs username-and-password
based authorization, the method comprising:

obtaining a request for a high-level credential from a legacy
application, wherein a high-level credential authorization model does not
employ username-and-password based authorization:

marshalling the requested high-level credential, the marshalling is
characterized by converting a description of the high-level credential into a
format recognizable as a low-level credential by the legacy application
employing a low-level credential authorization model;

returning the marshaled credential to the legacy application.

2. (ORIGINAL) A method as recited in claim 1 further
comprising, after the obtaining, seeking the requested credential in a 
database of credentials. 

3. (Original) A method as recited in claim 1, wherein a high- 
level credential is a credential selected from a group composed of X.509 
Certificates and bio-metrics. 

4. (ORIGINAL) A method as recited in claim 1, wherein the 
marshaled credentials appear to be a conventional username/password pair 
to the legacy application. 

5. (ORIGINAL) A method as recited in claim 1, wherein 
marshalling comprises: 

obtaining the requested high-level credential; 

pickling the requested high-level credential to generate a low-level 
credential that represents the requested high-level credential while 
appearing to be a conventional username/password pair to the legacy 
application. 

6. (ORIGINAL) A method as recited in claim 1, wherein the 
legacy application never has access to the high-level credential.

7. (Original) A computer-readable medium having computer-
executable instructions that, when executed by a computer, perform a 
method as recited in claim 1. 



8. (CURRENTLY AMENDED) In a computing environment 
where processes have a provision for low-level credentials but have no 
provision for high-level credentials, wherein a provision for low-level 
credentials employs username-and-password based authorization while a
provision for high-level credentials does not employ username-and-
password based authorization, a method for accommodating such processes
comprising: 

obtaining a request for a credential from a process, wherein the 
requested credential is a high-level credential, which is not username-and-
password based:

retrieving the requested credential from a database; 

converting the requested high-level credential into a format 
approximating a low-level credential and representative of the requested 
high-level credential; 

returning the converted credential to the process.

9. (ORIGINAL) A method as recited in claim 8, wherein a high-
level credential is a credential selected from a group composed of X.509 
Certificates and bio-metrics.

10. (ORIGINAL) A method as recited in claim 8, wherein the
converted credentials appear to be a conventional username/password pair 
to the process. 

11. (ORIGINAL) A method as recited in claim 8, wherein the 
process never has access to the high-level credential.

12. (ORIGINAL) A computer-readable medium having computer-
executable instructions that, when executed by a computer, perform a 
method as recited in claim 8. 

13. (ORIGINAL) A method for authenticating a user to a 
network, the method comprising: 

obtaining a request for a credential to authenticate the user to access 
a resource within the network, wherein the resource requires an appropriate 
credential before the user may access the resource; 

locating the appropriate credential; 

returning the appropriate credential to the resource within the 
network, so that the resource allows the user to access such resource;

wherein the obtaining, locating, and returning are performed without
user interaction so that the user need not be aware that such steps are being 
performed. 

14. (ORIGINAL) A method as recited in claim 13 further 
comprising repeating the obtaining, locating, and returning for a different 
network that is authenticated using a different credential. 

15. (ORIGINAL) A computer-readable medium having computer- 
executable instructions that, when executed by a computer, perform a 
method as recited in claim 13. 

16. (Canceled) 

17. (Canceled)

18. (CURRENTLY AMENDED) A credential management
architecture, comprising:

a trusted computing base (TCB) that has full access to persisted 
credentials, the TCB being configured to interact with an untrusted 
computing layer (UTCL) that accesses the persisted credentials via the 
TCB; 

the TCB comprises: 

a credential management module configured to receive 
requests from the UTCL for a high-level credential for a resource, 
the high-level credential being associated with a user and not being
username-and-password based authorization:

a credential database associated with the user, wherein 
credentials are persisted within the database; 

the credential management module being configured to 
retrieve credentials from the database. 



19. (Previously Presented) An architecture as recited 
in claim 18, wherein credential management module is further configured 
to marshal a requested high-level credential and return the marshaled 
credential to the UTCL. 



20. (ORIGINAL) An architecture as recited in claim 18, wherein 
the marshaled credentials appear to be a conventional username/password 
pair to the UTCL.

21. (ORIGINAL) A computer-readable medium having computer-
executable instructions that, when executed by a computer, employ an 
architecture as recited in claim 18. 

22. (ORIGINAL) An operating system embodied on a computer- 
readable medium having computer-executable instructions that, when 
executed by a computer, employ an architecture as recited in claim 18. 

23. (Currently Amended) An apparatus comprising: 
a processor; 

a marshaler executable on the processor to: 

obtain a high-level credential wherein a high-level credential 
is employed in an authorization model which is not username-and-
password based authorization:

convert the high-level credential to generate a representation 
of the high-level credential that is formatted as a low-level credential 
so that it appears to be a conventional username/password pair.

24. (CURRENTLY AMENDED) A low-level-credential-application
accommodation system comprising: 

a request obtainer configured to obtain a request for a high-level
credential from a low-level-credential-application, wherein low-level
credentials utilizes username-and-password based authorization while high-
level credentials do not employ username-and-password based
authorization;

a credential retriever configured to retrieve the requested credential
from a database of credentials;

a marshaller configured to marshal the requested credential and
return the marshaled credential to the low-level-credential-application, the
marshalling performed by the marshaller is characterized by converting a
description of the high-level credential into a format recognizable as a low-
level credential by the low-level-credential-application employing a low-
level credential authorization model

25. (ORIGINAL) A system as recited in claim 24, wherein a high- 
level credential is a credential selected from a group composed of X.509 
Certificates and bio-metrics. 

26. (ORIGINAL) A system as recited in claim 24, wherein the 
marshaled credentials appear to be a conventional username/password pair
to the legacy application.

28. (CURRENTLY Amended) A system as recited in claim 24,
wherein the legacy application low-level-credential-application never has
access to the high-level credential.

29. (Currently Amended) A system for authenticating a user 
to a network, the system comprising: 

a request obtainer configured to obtain a request for a high-level 
credential to authenticate the user to access a resource within the network, 
wherein the resource requires an appropriate credential before the user may 
access the resource, wherein a high-level credential do not utilize
username-and-password based for high-level credential authorization;

a credential retriever configured to retrieve the appropriate high- 
level credential from a database of credentials; 

a credential marshaller configured to generate a representation of the 
high-level credential that is formatted as a low-level credential so that it 
appears to be a conventional username/password pair, wherein a low-level
credential utilizes username-and-password based authorization;

a credential returner configured to return the marshaled credential to 
the resource within the network, so that the resource allows the user to 
access such resource; 

wherein the obtainer, retriever, marshaller, and returner are further 
configured to operate without user interaction.

30. (ORIGINAL) An operating system comprising a system as
recited in claim 29. 



31. (ORIGINAL) A network environment comprising a system as 
recited in claim 29. 



32. (ORIGINAL) An application programming interface (API) 
method comprising: 

receiving a CredUI-promptfor-credentials call having a set of 
parameters comprising a TargetName, Context, AuthFlags, and Flags; 

parsing the call to retrieve the parameters to determine a specified 
resource; 

obtaining a credential; 

associating the credential with the specified resource; 
persisting the credential into a database while maintaining the 
credential's association with the specified resource. 



33. (ORIGINAL) A method as recited in claim 32, wherein the set 
of parameters further comprises an indicator of a data structure containing 
customized information to display in conjunction with a user interface. 



34. (ORIGINAL) An application programming interface (API) 
method comprising: 

receiving a CredUI-promptfor-credentials call having a set of 
parameters comprising a TargetName, UserName, Password, and Flags;

parsing the call to retrieve the parameters to determine a requesting
application; 

obtaining a low-level credential from a user, wherein such credential 
includes a username and a password;

returning the low-level credential to the requesting application. 

35. (ORIGINAL) A method as recited in claim 34, wherein the set 
of parameters further comprises an indicator of a data structure containing 
customized information to display in conjunction with a user interface. 